locked
Windows 7 Ultimate piracy? RRS feed

  • Question

  • Hello forums,

    I'm doing some IT work for a small company and ran into an issue updating their server. I'm not sure if the key was kicked out by accident or if the company that installed the software is urm,,,, yeah. Thanks for any help.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 50
    Cached Online Validation Code: 0xc004c4a2
    Windows Product Key: *****-*****-YG69F-9M66D-PMJBM
    Windows Product Key Hash: /kehptF9HHVxM5d8dUnqgcfndXw=
    Windows Product ID: 00426-OEM-8992662-00497
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {50BC52B5-B99C-49C4-BAE8-2CD9887822AB}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{50BC52B5-B99C-49C4-BAE8-2CD9887822AB}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-PMJBM</PKey><PID>00426-OEM-8992662-00497</PID><PIDType>2</PIDType><SID>S-1-5-21-1367029425-808354494-3982549023</SID><SYSTEM><Manufacturer>Frontier Systems</Manufacturer><Model>DQ45CB__</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>CBQ4510H.86A.0119.2010.0223.1522</Version><SMBIOSVersion major="2" minor="4"/><Date>20100223000000.000000+000</Date></BIOS><HWID>90633707018400E8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>QA09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600497-02-1033-7600.0000-1282012
    Installation ID: 014032742816324490415726152940025451383723106204545726
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: PMJBM
    License Status: Notification
    Notification Reason: 0xC004F200 (non-genuine).
    Remaining Windows rearm count: 4
    Trusted time: 11/25/2012 1:45:15 AM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0xC004C4A2
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:15:2012 00:31
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NgAAAAEABgABAAIAAAABAAAAAQABAAEAnJ+MbWz3yOtSM1QNmClCEIyQzsYqt8LKKIq4zkbK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
      ACPI Table Name OEMID Value OEMTableID Value
      APIC   INTEL   DQ45CB 
      FACP   INTEL  A M I
      MCFG   INTEL   DQ45CB 
      ASF!   INTEL   DQ45CB 
      SPCR   INTEL   DQ45CB 
      TCPA   INTEL   DQ45CB 
      SLIC   DELL    QA09  

    Sunday, November 25, 2012 7:10 AM

Answers

  • The installation is counterfeit.

    The Key in use is the infamous Lenovo Stolen Key - which was never installed on any legally-sold machine.

    The motherboard appears to me to be a rebadged retail one from a small(ish) company. As such it should not have a SLIC table - but it appears to have a Dell one (and that just ain't gonna happen!)

    Is there a COA sticker on the case of the machine? - if so, for what version and edition of Windows is it valid?


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    • Marked as answer by DNATech Monday, November 26, 2012 3:48 AM
    Sunday, November 25, 2012 10:22 AM
    Moderator

All replies

  • The installation is counterfeit.

    The Key in use is the infamous Lenovo Stolen Key - which was never installed on any legally-sold machine.

    The motherboard appears to me to be a rebadged retail one from a small(ish) company. As such it should not have a SLIC table - but it appears to have a Dell one (and that just ain't gonna happen!)

    Is there a COA sticker on the case of the machine? - if so, for what version and edition of Windows is it valid?


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    • Marked as answer by DNATech Monday, November 26, 2012 3:48 AM
    Sunday, November 25, 2012 10:22 AM
    Moderator
  • Thank you for the quick response! My suspicions are dead on... When I was first called in to work at this place of business, I noticed Ultimate loaded and Windows 7 Pro label attached. I let the owner know this was not a good sign. He said someone else installed the server (pc based dvr) that was traded in for a junk dvr system.

    My question is - Can I simply use the Micorosoft genuine option and purchase Ultimate key and replace? This company is very small and has a tight budget. Me having to reinstall the OS and surveillance software (setup) dns/remote/etc would be even more costly. Or will he have to bite the bullet and start from scratch?

    p.s. I'm not receiving much information from the original installer on where he got this.

    Thank you so much for any input!

    Sunday, November 25, 2012 5:08 PM
  • The simple asnwer is that he didn't 'get it' from anywhere.

    The Key has been published all over the internet, as have the various hacks used to make it look genuine - use an Anytime Upgrade procedure, and apply the hack, and you're away  for almost zero cost and a straight $200+ profit.

    The preferred method for dealing with this is a reformat/reinstall, because it's impossible to know what else was installed at the same time (backdoors, trojans, etc.).

    However, it is possible to just change the Key to the valid one, and activate that.

    I would suggest, though that you run a couple of offline AV scans and see what they have to say. Windows Defender Offline for one (because it actually looks for such hacks and disables them if found), and possibly something like either Kaspersky or Eset scanners.


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, November 25, 2012 5:31 PM
    Moderator
  • Thanks again for the help!

    Last question if you have time.?. Do you have any advice on dealing with this fraudulent person/persons? Microsoft? Authorities?

    Thank you and have a wonderful day!

    Sunday, November 25, 2012 5:38 PM
  • Chances are that there's no relevant paperwork describing exactly what they are supposed to have done - but the FBI are responsible for software piracy cases in the US, so you could threaten him with that, and see what happens. You can also make a piracy report at http://www.microsoft.com/en-us/howtotell/default.aspx


    Noel Paton | Nil Carborundum Illegitemi | CrashFixPC | The Three-toed Sloth

    Sunday, November 25, 2012 5:55 PM
    Moderator